[Mimedefang] [sendmail patch] access_db rejections at SMTP banner time

Nik Clayton nik at ngo.org.uk
Thu Jun 2 05:33:33 EDT 2005


Hi all,

This isn't strictly MIMEDefang-related, but it does fix a milter-related
bug with Sendmail, and it can make access_db rejections more efficient, 
so I thought I'd pass it on for comment and review.

This patch (to Sendmail 8.13.4)

   http://jc.ngo.org.uk/trac-bin/trac.cgi/changeset/269

changes how Sendmail rejects connections from hosts listed in the access_db.

Currently:

Sendmail accepts the connection, does the greetpause delay (if any),
sends a '220' banner, and then rejects almost every SMTP verb from the
client.

This ties up resources (if your greetpause delay is big) and leads to
the situation where you might have rejected a client in the access
table but they're 'pre-rejected' by the greetpause checks.

With the patch:

Sendmail accepts the connection, skips the greetpause delay, and
immediately returns a '554' SMTP banner.  The second line of the banner
is the rejection text from the access_db entry that triggered the block
(with any leading SMTP codes removed).  Every SMTP verb except 'QUIT'
is then met with '503 bad sequence of commands', per RFC 2821:3.1.

As a side effect, this also fixes Sendmail's behaviour when a milter
indicates that the connection should be refused.

To enable this you'll need a line like:

APPENDDEF(`conf_sendmail_ENVDEF', `-D_FFR_BANNER_HONORS_ACCESSDB=1')dnl

in your site.config.m4 file (and rebuild with "./Build -c").

Comments?  Criticisms?

N
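
An added example, not part of the original post or the patch: a Python checker that takes a captured SMTP session and reports where it departs from the patched behaviour described above (a '554' banner whose second line is the rejection text with no leading SMTP code, and '503' for every verb except 'QUIT'). The function names, hostnames and reply texts are constructed for illustration.

```python
import re

# Reply line: 3-digit code, '-' (continuation) or ' ' (last line), then text.
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
LEADING_CODE = re.compile(r"^(\d{3}|\d\.\d{1,3}\.\d{1,3})(\s|$)")  # "550" or "5.7.1"

def parse_replies(server_lines):
    """Group raw server lines into (code, [text, ...]) replies."""
    replies, texts = [], []
    for line in server_lines:
        m = REPLY_LINE.match(line.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        texts.append(m.group(3))
        if m.group(2) == " ":  # final line of this reply
            replies.append((int(m.group(1)), texts))
            texts = []
    return replies

def check_session(commands, server_lines):
    """Return the deviations from the behaviour described in the post."""
    replies = parse_replies(server_lines)
    if not replies:
        return ["no banner received"]
    problems = []
    banner_code, banner_text = replies[0]
    if banner_code != 554:
        problems.append(f"banner code is {banner_code}, expected 554")
    if len(banner_text) < 2:
        problems.append("banner has no second line with the rejection text")
    elif LEADING_CODE.match(banner_text[1]):
        problems.append("rejection text still starts with an SMTP code")
    for cmd, (code, _) in zip(commands, replies[1:]):
        verb = cmd.split()[0].upper()
        if verb != "QUIT" and code != 503:  # the post leaves QUIT's reply open
            problems.append(f"{verb} got {code}, expected 503")
    return problems

# Constructed sample sessions (hostnames and reply texts are made up).
COMMANDS = ["EHLO client.example", "MAIL FROM:<a@client.example>", "QUIT"]
PATCHED = ["554-mx.example.org ESMTP not accepting messages",
           "554 No mail accepted from your network",
           "503 Bad sequence of commands", "503 Bad sequence of commands",
           "221 2.0.0 mx.example.org closing connection"]
UNPATCHED = ["220 mx.example.org ESMTP", "550 5.7.1 Access denied",
             "550 5.7.1 Access denied", "221 2.0.0 closing connection"]

if __name__ == "__main__":
    for name, lines in (("patched", PATCHED), ("unpatched", UNPATCHED)):
        print(name, check_session(COMMANDS, lines))
```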


